This allows the LSM to distinguish between syslog functions originatingfrom /proc/kmsg access and direct syscalls. By default, the commoncapswill now no longer require CAP_SYS_ADMIN to read an opened /proc/kmsgfile descriptor. For example the kernel syslog reader can now dropprivileges after opening /proc/kmsg, instead of staying privileged withCAP_SYS_ADMIN. MAC systems that implement security_syslog have unchangedbehavior.